Security news13 June 2006
JavaScript Yamann worm targets Yahoo! email users No reported infections from Sophos customers
The Yamman worm targets Yahoo! mail users
Experts at SophosLabs™, Sophos's global network of threat analysis centers, have issued protection against a worm which targets users of Yahoo! webmail.
The JS/Yamann-A (also known as Yamanner) JavaScript worm attempts to exploit a vulnerability to infect users of Yahoo!'s email and webgroup services. Although the virus has stirred enormous media interest, Sophos has received no reports of infections from any of its customers.
Unlike many other worms which can travel via email, the Yamann-A worm does not use email attachments, instead embedding itself as malicious JavaScript code inside the body of the message. The vulnerability exploited by the worm is Yahoo's system rather than in software run by the user. As such, it is not comparable to security vulnerabilities that have been found in the past in web browsers such as Internet Explorer and Firefox.
"Businesses tend to use their own email systems rather than the type of free webmail accounts offered by the likes of Yahoo!, Hotmail and Gmail," said Graham Cluley, senior technology consultant for Sophos. "The good news is that Yahoo! appears to have already fixed the problem, meaning that the Yamann worm can no longer spread via its systems."
A representative for Yahoo! has been quoted in the press confirming that the vulnerability has been removed from its systems, and that Yahoo! mail users do not have to take any further action to avoid infection by the worm.
"We have taken steps to resolve the issue and protect our users from further attacks of this worm," said Kelley Podboy of Yahoo!. "The solution has been automatically distributed to all Yahoo! Mail customers, and requires no additional action on the part of the user."
Companies are recommended to protect their email with a consolidated solution to thwart the virus, spyware and spam threats and secure their desktops and servers with automatically updated anti-virus protection.
Free virus scan
- Free virus, spyware, and adware scan
- Test your existing anti-virus protection
- Find threats your anti-virus missed
About Sophos
Sophos enables enterprises all over the world to secure and control their IT infrastructure. Sophos's network access control, endpoint, web and email solutions simplify security to provide integrated defenses against malware, spyware, intrusions, unwanted applications, spam, policy abuse, data leakage and compliance drift. With over 20 years of experience, Sophos protects over 100 million users in nearly 150 countries with its reliably engineered security solutions and services. Recognized for its high level of customer satisfaction and powerful yet easy-to-use solutions, Sophos has received many industry awards, as well as positive reviews and certifications.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com
